Events that defined the European information security landscape in 2012

Posted on 28 January 2013.

The past 12 months have been, to say the least, an active time for the information security landscape in Europe.

Hacktivism stories dominated mainstream media outlets, the public has been learning more about the privacy implications of their actions, and governments realized the complications that can arise from a cyber conflict.

We reached out to a number of information security professionals across Europe, and here are some of the comments we received about the past 12 months.

Ligia Adam, Security Evangelist at Bitdefender

"Privacy was a big topic in 2012. Late last year the European Commission launched a proposal to create a new privacy right (the right to be forgotten) enabling users to control what information about them can be available on the Internet. The law was dismissed, as it was perceived as a limitation to the right of free speech and current business models. Also, the EU Cookie Law addressed the same topic, but it received better public approval.

Sadly, threats are still on the rise. Ranking second after North America in terms of Android malware reports, malware coders targeting European countries with money-stealing malware were more vicious during 2012."

Sean Sullivan, Security Advisor at F-Secure Labs

"I believe the greatest impact on last year's European security landscape was the hype before ITU's World Conference on International Telecommunications. I'm referring to investigations being promoted as tackling advanced threats, when it clearly wasn't the case.

There's also been a lot of pressure from nation states when it comes to protecting the critical infrastructure from cyber war.

Countries are rushing forward to create new jobs for defense contractors, while ignoring simple and smart policy decisions that could have a real practical effect for the majority of Europe’s computer users."

Luis Corrons, PandaLabs Technical Director

"Company data theft has been one of the major events in 2012. The good news is that these cases are making all companies aware of the real risks they are facing as well as the need of taking security measures to avoid becoming a victim.

Last year we've seen the second pan-European cyber exercise, known as “Cyber Europe 2012”. European experts from major financial institutions, telecommunications companies, internet service providers and local and national governments worked in this exercise.

This was the first time that banks and internet companies have been part of an EU-wide cyber-attack exercise. However, its main focus was to respond to a simulated distributed denial of service attack. Let’s see if future exercises focus on different attack vectors."

James McDonagh, Technical Services Manager at Titania

"There are a number of reasons why cyber security was in the spotlight during the past year, with hacktivism being the most prominent one.

In the same year that 10 Downing Street’s website came under attack from Anonymous, Julian Assange holed up in the Ecuadorian embassy in London in order to avoid what he claimed was a politically motivated extradition.

This arguably defines the information security landscape in the sense that people are divided on his culpability. Some think he’s a criminal who is putting soldiers’ lives at risk, while others think he’s an activist fighting for free speech.

In the same year, there was recognition from NATO of the cyber coalition 2012 war games and the fact that they mentioned they considered Russia as potential cyber aggressors, as well as Iran undertaking their first cyber warfare defence exercise in their war games.

These issues were all discussed in the media, and were taken seriously. For these reasons, among others, I would argue that 2012 was the year cyber security entered the mainstream."

Simon Moffatt, Infosec Consultant and Blogger

"2012 was a fascinating and headline grabbing year from an Infosec perspective. To me, the biggest change seemed to be that cyber security became a discussion point at every opportunity.

US and UK governments announced advanced new cyber security research centers with significant funding, supply chain issues were highlighted with the US report on network provider Huawei, whilst big security data analytics was on everyone's lips. Security seemed to move away from a 'nice to have', but became an essential component of brand protection and effective IT transformation.

Organizations are now attempting to proactively protect themselves from cyber attacks, that help to save or improve their reputation, with the recent ICO fine and clean costs recently revealed by Sony, proving a timely reminder that the attacks in 2012, will develop at a more frequent and advanced rate in 2013."
